[wplug] I need to "wiretap" an HTTPS connection - how?

Pat Barron pat at lectroid.com
Fri Oct 31 17:57:05 EDT 2014


The other interesting wrinkle here (I know I'm getting away from Linux, 
per se - but it's just kind of interesting....).

When the app makes this SOAP request, it gets as far as completing the 
SSL handshake (based on what I see in the app server logs with a whole 
bunch of SSL tracing turned on), and then the server side drops the 
connection and I get "Connection reset".  When I manually make 
(apparently) the same request via SOAP UI (a troubleshooting / 
development tool for SOAP apps), it works just fine.  No idea why it's 
failing from the app - this is driving me batty....  ;-)

--Pat.

On 10/31/2014 5:50 PM, Pat Barron wrote:
> I can't use anything that runs within a browser (such as Firebug), 
> since this is an app running on a Java app server that's using a SOAP 
> API to get data from elsewhere.  But, from first glance, it looks like 
> ZAP might help me out here, maybe even Fiddler (if I can set it up on 
> a Windows box).  Fiddler, I already knew about, but I was not aware of 
> ZAP - thanks for this pointer!!
>
> --Pat.
>
> On 10/31/2014 2:35 PM, Jake S wrote:
>> For something like Firefox I'd try Firebug (see net tab).  Also if 
>> you have access to a Windows box Fiddler is a nice proxy.  It *can* 
>> mitm your ssl requests with its own root cert.  I think something 
>> like Burp Suite or ZAP would be easy enough to use. It's been a while 
>> since I've used either of those.
>>   http://getfirebug.com/
>>   http://www.telerik.com/fiddler
>>   http://portswigger.net/burp/
>>   http://code.google.com/p/zaproxy/
>>   -Jake
>>> Date: Fri, 31 Oct 2014 14:26:42 -0400
>>> From: pat at lectroid.com
>>> To: wplug at wplug.org
>>> Subject: Re: [wplug] I need to "wiretap" an HTTPS connection - how?
>>>
>>> No, we don't - the server is operated by a different team than the one
>>> I'm working with.  Aside from making SOAP API calls, we have no access
>>> to the server itself.  (The server is actually operated by the
>>> organization I'm working with, but by a different team - worse comes to
>>> worse, we may need to figure out how to get someone on the team that
>>> operates the server to dig through server logs for us - but it's a large
>>> organization, and the person I'm working with doesn't know or work with
>>> any of those folks....)
>>>
>>> --Pat.
>>>
>>> On 10/31/2014 1:59 PM, Chris Thomas wrote:
>>>> Do you have access to the server's SSL private keys? If so, you can install
>>>> them into Wireshark and decrypt the encrypted traffic.
>>>>
>>>> -Chris
>>>>
>>>> On Fri, Oct 31, 2014 at 12:39 PM, Pat Barron <pat at lectroid.com> wrote:
>>>>
>>>>> So, long story short...
>>>>>
>>>>> I have an application making an HTTPS connection to a URL (for the purpose
>>>>> of POSTing a SOAP request, though that's probably not relevant per se...).
>>>>> Before successfully completing the HTTPS request, the remote side is
>>>>> dropping the connection on me.  I have no idea why.  I'd like to be able to
>>>>> see what is actually being sent/received on the connection - though that
>>>>> is tough, since it is encrypted...
>>>>>
>>>>> I have the ability to change the host and URL that is being used, and to
>>>>> make the application use HTTP instead of HTTPS.  What I have in mind, is to
>>>>> try to put some kind of proxy between the app and the remote server, so
>>>>> that the app connects to the proxy using HTTP, and have the proxy connect
>>>>> on its behalf to the remote server using HTTPS.  Then I can sniff the
>>>>> traffic on the unencrypted HTTP connection and get a better idea what is
>>>>> going on.
>>>>>
>>>>> Can anyone suggest a simple proxy I could use for this?
>>>>>
>>>>> --Pat.
>>>>>
>>>>> _______________________________________________
>>>>> wplug mailing list
>>>>> wplug at wplug.org
>>>>> http://www.wplug.org/mailman/listinfo/wplug
>>>>>
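
The HTTP-in, HTTPS-out debugging proxy asked for in the original question could look like the sketch below. It is an added example, not code from anyone in the thread, and uses only the Python standard library. Assumptions: `soap.example.invalid` is a placeholder for the real remote host, the app is repointed at `http://127.0.0.1:8080`, and each request carries a `Content-Length` header.

```python
import http.client
import ssl
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

UPSTREAM_HOST = "soap.example.invalid"  # placeholder: the real HTTPS host
# Per-hop headers, plus Host and Accept-Encoding (dropped so bodies log as text).
DROP = {"connection", "keep-alive", "proxy-connection", "te", "trailer",
        "transfer-encoding", "upgrade", "host", "accept-encoding"}

def upstream_headers(headers, host):
    """Copy the client's headers, minus DROP, and point Host at the upstream."""
    out = {k: v for k, v in headers.items() if k.lower() not in DROP}
    out["Host"] = host
    return out

def tls_connect():
    ctx = ssl.create_default_context()  # certificate and hostname are verified
    return http.client.HTTPSConnection(UPSTREAM_HOST, 443, context=ctx, timeout=30)

def relay(method, path, headers, body, connect=tls_connect):
    """Send one request upstream; return (status, header list, body bytes)."""
    conn = connect()
    try:
        conn.request(method, path, body=body,
                     headers=upstream_headers(headers, UPSTREAM_HOST))
        resp = conn.getresponse()
        return resp.status, resp.getheaders(), resp.read()
    finally:
        conn.close()

class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        print(f">> {self.command} {self.path}\n{self.headers}"
              f"{body.decode('utf-8', 'replace')}")
        try:
            status, hdrs, data = relay(self.command, self.path, self.headers, body)
        except (OSError, http.client.HTTPException) as exc:
            print(f"!! upstream failed: {exc!r}")  # a reset by the server lands here
            return self.send_error(502, "upstream error")
        print(f"<< {status}\n{data.decode('utf-8', 'replace')}")
        self.send_response(status)
        for k, v in hdrs:
            if k.lower() not in DROP | {"content-length"}:
                self.send_header(k, v)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

if __name__ == "__main__":
    ThreadingHTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```

The proxy opens its own TLS session, so it shows the HTTP request the app builds but not the app server's own TLS handshake behaviour. The printed SOAP bodies may contain credentials, which is why it binds to loopback only.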
